Abstract — This paper addresses the basics, the limitations and 
the relationship between component reliability and system 
reliability through a study of flight computing architectures and 
related avionics components for NASA future missions. 
Component reliability analysis and system reliability analysis 
need to be evaluated at the same time, and the limitations of each 
analysis and the relationship between the two analyses need to be 
understood. 

I. Introduction 

A comprehensive components/parts management program 
and a system reliability and maintainability (R&M) program 
are required by NASA for all spaceflight and critical ground 
support systems to control risk and enhance reliability. The 
component management program includes components 
selection, review, verification, approval, traceability, testing, 
packaging, storage, acquisition, and application [1], while the 
system R&M program addresses system R&M design and 
operational performance requirements, R&M engineering 
analysis and integration, and risk assessment and management [2]. 

System reliability analysis typically assumes exponential 
distributions for the components’ time to fail. However, 
depending on workmanship condition, use condition and 
effectiveness of screening procedures, components may not 
always operate under the constant failure region, which 
follows the assumed exponential distribution. Without a 
comprehensive component management program, it is 
possible that components may yield early failures or infant 
mortality or sometimes even wear-out failures under certain 
use conditions. Therefore, component reliability analysis and 
system reliability analysis should not be considered separately, 
but rather be evaluated at the same time, while fully 
understanding the limitations of each analysis and the 
relationship between the two analyses is the key. 

In this paper, a number of flight computing architectures 
and related avionics components for launch vehicles are 
studied, in an attempt to address the fundamental differences 
between the basics of component reliability and system 
reliability, and the impact of component reliability on system 
reliability. In addition, the limitations of system reliability 
analysis, the misconceptions of either using system reliability 
to direct component selection or interpreting system reliability 
in absolute values without fully understanding the assumptions 
the analysis is based upon, the meaningful relationship of parts 
reliability and system reliability, and its implementation for 
space applications which require a high level of reliability of 
the missions, are also provided in the paper. 

II. System Reliability of Computing Architectures 

Various avionics computing architectures similar to existing 
designs are examined in response to a potential future need to 
assess and/or design avionics computing architectures for a 
launch vehicle. Representative computing architectures are 
selected for detailed study from perspectives of reliability, 
mass, power, data integrity, software implementation, and 
hardware and software integration [3]. The six selected 
architectures are listed below: 

a) Fully Cross-Strapped Switched Triplex Voter (FCSSTV) 

b) Partially Cross-Strapped Switched Triplex Voter (PCSSTV) 

c) Channelized Bussed Triplex Voter (CBTV) 

d) Fully Cross-Strapped Switched Self-Checking (FCSSC) 

e) Fully Cross-Strapped Bussed Self-Checking (FCSBSC) 

f) Channelized Bussed Self-Checking (CBSC) 

The selected architectures include both self-checking and 
voting architectures, with either bussed or switched 
interconnections, and with various levels of cross-strapping. In 
order to compare the reliability, mass and power of all the 
architectures, it is assumed that all architectures i) are one-fault 
tolerant by design, ii) have the same lists of sensors and effectors, 
and iii) use the same failure rate and failure criteria for each type 
of sensor or effector. The sensors and effectors include flight 
computer (FC), data acquisition unit (DAU), pyro initiation 
controller (PIC), thrust vector controller (TVC), etc. More 
details are given in the full paper. 

For system reliability analysis, all the selected computing 
architectures are modeled by Reliability Block Diagram 
(RBD) Analysis, Cut Set Analysis, and Importance Measure 
Analysis [4]. The system analyses are based on the mean time 
to fail (MTTF) of each component assuming an exponential 
distribution. Fig. 1 shows the reliability plot for the six 
architectures assuming exponential distributions for all 
components. Table 1 summarizes the architecture reliability at 
24 hours and 9 months. 



Figure 1. Reliability plot for the architectures assuming exponential 
distributions for all components. 

Table 1. Summary of Architecture Reliability 


Architecture   R (24 hrs)   R (9 months)
FCSSTV         0.999993     0.666999
PCSSTV         0.999991     0.613596
CBTV           0.999979     0.464581
FCSSC          0.999992     0.648547
FCSBSC         0.999992     0.64673
CBSC           0.998334     0.389427


A simple interpretation of Figure 1 and Table 1 may 
suggest that a less stringent component program is needed 
for short missions, or that turning off the avionics system regularly 
may help improve system reliability. Both concepts fail to 
consider either the assumptions associated with the system 
reliability analysis or the assumptions associated with 
component reliability and, therefore, are mistaken. When 
proper assumptions are made, such as the assumptions 
described above, system reliability analysis is an excellent 
approach for comparing the architectures and for 
correlating the component contributions to the system 
reliability, and therefore for improving system reliability 
through component reliability enhancement. 
However, the assumptions and limitations of the system 
reliability analysis need to be fully considered so that the 
results of system reliability are interpreted along with the 
component reliability, to avoid jumping to a misleading 
conclusion. 

III. Component Reliability Impact on System Reliability 

While system reliability analysis is mainly based on 
statistics, component reliability analysis relies on statistics as 
well as technology and physics of failures. 


A. Statistics 

The system reliability analysis performed above assumes 
that component’s time to fail follows an exponential 
distribution. The probability density function of exponential 
distribution is 

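$$f(t) = \lambda \exp(-\lambda t) \qquad (1)$$

where $\lambda$ is the rate parameter. The MTTF of exponential 
distribution is 

$$\mathrm{MTTF}_{\mathrm{exponential}} = \frac{1}{\lambda} \qquad (2)$$

The probability density function of Weibull distribution is 

$$f(t) = \frac{\beta}{\alpha}\left(\frac{t}{\alpha}\right)^{\beta-1} \exp\left[-\left(\frac{t}{\alpha}\right)^{\beta}\right] \qquad (3)$$

where $\alpha$ is the scale parameter and $\beta$ is the shape parameter. 
MTTF of Weibull distribution is 

$$\mathrm{MTTF}_{\mathrm{Weibull}} = \alpha\,\Gamma\left(\frac{1}{\beta} + 1\right) \qquad (4)$$

where $\Gamma(z)$ is the gamma function. 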

Since MTTF is the defining parameter for the component 
reliability statistics for system reliability analysis assuming 
exponential distribution, we can translate the exponential 
distributions used in the above system reliability analysis into 
a set of Weibull distributions keeping the same MTTF, i.e. 
$\mathrm{MTTF}_{\mathrm{exponential}} = \mathrm{MTTF}_{\mathrm{Weibull}}$, to define a set of $\alpha$ and $\beta$ 
pairs for Weibull using (2) and (4). An example of the cumulative 
distribution function of the Weibull distributions with $\beta$ ranging 
from 0.5 to 2, keeping the same MTTF as the exponential 
distribution for a component, is plotted in Fig. 2, showing that the 
reliability of the component decreases as $\beta$ decreases for a 
short mission and increases as $\beta$ decreases for a long mission. 
This means that the reliability of the component can be 
anywhere on the curves in Fig. 2 if MTTF remains the same 
but with different $\beta$ values. 

For example, assuming the MTTF of the exponential 
distribution is the same as the MTTF of the Weibull 
distributions with a number of pre-determined $\beta$ values, a set 
of $\alpha$ and $\beta$ pairs can be calculated through (2) and (4) to define 
a set of Weibull distributions, all of which will have the same 
MTTF as each other and the same MTTF as the exponential 
distribution. The cumulative distribution functions of the Weibull 
distributions with $\beta$ ranging from 0.5 to 2 and the same 
MTTF for a component are plotted in Figure 2, showing that the 
reliability of the component decreases as $\beta$ decreases for a 
short mission and increases as $\beta$ decreases for a long mission. 
This means that the reliability of the component can be 
anywhere on the curves in Figure 2 if MTTF remains the same 
but with different $\beta$ values. 

Figure 2. Cumulative distribution function plot for Weibull distributions with $\beta$ 
ranging from 0.5 to 2, keeping the same MTTF of exponential distribution 
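
The MTTF-matching step described above, carried through numerically as an added example (not code or data from the paper). The 50,000-hour MTTF, the 730-hour month and the idealized 2-of-3 voter of identical units are assumptions made for illustration; the paper's RBD models are not reproduced.

```python
import math

HOURS_PER_MONTH = 730.0   # assumption: average month length in hours
MTTF_FC = 50_000.0        # constructed sample MTTF in hours, not from the paper
BETAS = (0.5, 0.8, 1.0, 2.0)


def weibull_scale_for_mttf(mttf, beta):
    """Solve eq. (4) = eq. (2) for alpha: alpha = MTTF / Gamma(1/beta + 1)."""
    return mttf / math.gamma(1.0 / beta + 1.0)


def weibull_reliability(t, mttf, beta):
    """R(t) = 1 - CDF = exp(-(t/alpha)^beta), with alpha matched to mttf."""
    alpha = weibull_scale_for_mttf(mttf, beta)
    return math.exp(-((t / alpha) ** beta))


def crossover_time(mttf, beta):
    """Time where the Weibull curve meets the exponential curve of equal MTTF.

    Setting (t/alpha)^beta = t/mttf gives t = (alpha^beta / mttf)^(1/(beta-1)).
    Returns None for beta == 1, where the two curves coincide everywhere.
    """
    if beta == 1.0:
        return None
    alpha = weibull_scale_for_mttf(mttf, beta)
    return (alpha ** beta / mttf) ** (1.0 / (beta - 1.0))


def two_of_three(r):
    """Idealized 2-of-3 voter of identical, independent units (assumption)."""
    return 3.0 * r ** 2 - 2.0 * r ** 3


def sweep(mttf, times, betas=BETAS):
    """Return {beta: [(t, component R, 2-of-3 R), ...]} for each mission time."""
    table = {}
    for beta in betas:
        rels = [weibull_reliability(t, mttf, beta) for t in times]
        table[beta] = [(t, r, two_of_three(r)) for t, r in zip(times, rels)]
    return table


if __name__ == "__main__":
    times = (24.0, 9 * HOURS_PER_MONTH, 4 * MTTF_FC)
    for beta, rows in sweep(MTTF_FC, times).items():
        cells = "  ".join(f"t={t:>8.0f}h R={r:.6f} 2oo3={s:.6f}" for t, r, s in rows)
        print(f"beta={beta:<4} crossover={crossover_time(MTTF_FC, beta)}  {cells}")
```

With the constructed 50,000-hour MTTF, the $\beta$ = 0.5 curve meets the exponential curve at 100,000 hours, so both a 24-hour and a 9-month mission lie on the side where a lower $\beta$ gives lower reliability.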


The contributions of components to the system reliability 
of the architectures are shown in Fig. 3 [4], which shows that the 
flight computers (FC) contribute the most to the system 
reliability compared to other components. Using the approach 
described above to define a set of Weibull distributions while 
keeping the same MTTF of exponential distributions used for 
flight computers, the reliability of architecture FCSSTV is 
recalculated with different $\beta$ values keeping the same MTTF for 
flight computers only, shown in Fig. 4. 

Figure 3. The percentage of contributions of components to system reliability. 


In Fig. 4, only one component, i.e., the flight computer, is 
assumed to follow Weibull distributions with different $\beta$ values while 
maintaining the same MTTF; there are no changes to the other 
components. The fact that the system reliability numbers are 
sensitive to the $\beta$ value indicates that the system reliability is a 
function of the component reliability and, therefore, the 
workmanship, use condition and effectiveness of screening 
procedures of the components cannot be overlooked during the 
system reliability analysis. 


Figures 5(a)-(d) show the reliability of all six 
architectures with different $\beta$ values while keeping the same 
MTTF for flight computers. Fig. 4 and 5 indicate the same 
trend for all architectures: a change of the shape 
parameter $\beta$ yields a different system reliability 
compared to $\beta$ equal to 1, which is the common assumption for 
system reliability analysis. 

Due to the page limit of the abstract, the more complex 
impact of multiple components on the system reliability 
(Relex runs for all components), the different responses of the 
architectures to the $\beta$ values due to the different contribution 
distributions of the components, and the cross-over effects of 
CDF (Relex runs for longer time) and system reliability are to 
be addressed in the full paper. 

Figure 4. Reliability plot of FCSSTV with $\beta$ ranging from 0.5 to 2, keeping 
the same MTTF of exponential distribution for flight computers. 



Figure 5(a). Reliability plot of the architectures with $\beta$ equal to 0.5, keeping 
the same MTTF for flight computers. 

Figure 5(b). Reliability plot of the architectures with $\beta$ equal to 0.8, keeping 
the same MTTF for flight computers. 

Figure 5(c). Reliability plot of the architectures with $\beta$ equal to 1.0, keeping 
the same MTTF for flight computers. 

Figure 5(d). Reliability plot of the architectures with $\beta$ equal to 2.0, keeping 
the same MTTF for flight computers. 

B. Failure Modes 


Since the shape parameter $\beta$ corresponds to the different 
failure modes for components, i.e., infant mortality when $\beta$ is 
less than 1, random defects when $\beta$ is equal to 1, and wear-out 
when $\beta$ is greater than 1, the results of system reliability 
analysis can be misleading if components are not properly 
up-screened or are used under a certain bias condition where different 
failure modes may occur. 

Table 2 gives the system reliability of the architectures at 
24 hours and 9 months with $\beta$ ranging from 0.5 to 2. The 
architectures do have different levels of sensitivity to the 
change of $\beta$. While the changes of the system reliability 
numbers are more evident for longer time, e.g. 9 months, the 
channelized architectures CBTV and CBSC are more sensitive 
to $\beta$ values compared to other architectures, since the number 
of “9”s changes even when $\beta$ changes from 1 to 0.8. This 
indicates that the up-screening of the components to ensure that 
the early failures are excluded is critical to mission success, 
even for a short mission. It is therefore a critical decision for 
the mission to evaluate the risk and risk mitigation of using 
components of lesser grade, which have less stringent 
up-screening procedures. The cost associated with the use of 
components of higher grade is of importance as well; 
however, different cost models are available, with one 
example of a NASA cost model referenced in [5]. 

Table 2. Summary of Architecture Reliability with $\beta$ between 0.5 and 2 

R (24 hrs)
Beta   FCSSTV     PCSSTV     CBTV       FCSSC      FCSBSC     CBSC
0.5    0.995388   0.995412   0.994807   0.993915   0.993867   0.992985
0.8    0.999935   0.999932   0.999878   0.999910   0.999923   0.999825
1.0    0.999982   0.999982   0.999968   0.999976   0.999989   0.999960
2.0    0.999986   0.999984   0.999985   0.999981   0.999994   0.999981

R (9 months)
Beta   FCSSTV     PCSSTV     CBTV       FCSSC      FCSBSC     CBSC
0.5    0.390061   0.358168   0.195661   0.344148   0.341046   0.124876
0.8    0.600525   0.551993   0.375597   0.570492   0.567588   0.289916
1.0    0.666420   0.612354   0.463806   0.647530   0.645730   0.389427
2.0    0.736666   0.676404   0.656380   0.734770   0.736430   0.650573


The majority of the failure or degradation mechanisms are 
accumulative; some are more aggravated at higher 
temperature, some are more sensitive to thermal cycling, and 
some are more prominent under bias or power-on condition. 
Not all the failure modes are alike, and more details are to be 
included for system reliability improvement in the full paper. 

C. Long Missions 

It is evident that the system reliability decreases for long 
missions. This may not be an issue for short missions such as 
launch vehicles, but is critical for long missions such as crew 
vehicles. The statistical assumptions and component 
assumptions described so far enable the architecture reliability 
comparisons and reliability improvements; however, more 
studies are needed if the absolute system reliability numbers 
are used for design/mission decisions. More is given in the full paper. 


D. System Reliability Improvement 

System reliability can be improved by enhancing 
component reliability, adding component and/or module level 
redundancy, and keeping simple core critical avionics 
architecture designs. System reliability analysis provides 
distributions of the failure probability contribution from each 
component and indicates different reliability improvement 
paths for the architectures. The level of redundancy needed 
depends on the component reliability, architecture design, 
mission lifetime, etc., which will be discussed in the full paper. 

IV. Summary 

This paper addresses the basics, the limitations and the 
relationship between component reliability and system 
reliability through a study of flight computing architectures 
and related avionics components to show that component 
reliability analysis and system reliability analysis need to be 
evaluated at the same time, and the limitations of each analysis 
and the relationship between the two analyses need to be 
understood. 